From 3176b9dd295006722110ece5f96833e2ec2a5421 Mon Sep 17 00:00:00 2001 From: Thomas Deutschmann Date: Sat, 30 Nov 2019 02:45:04 +0100 Subject: net-dns/dnssec-root: move dev-perl/XML-XPath to BDEPEND Closes: https://github.com/gentoo/gentoo/pull/13805 Closes: https://bugs.gentoo.org/701510 Package-Manager: Portage-2.3.80, Repoman-2.3.19 Signed-off-by: Thomas Deutschmann --- net-dns/dnssec-root/dnssec-root-20181220-r1.ebuild | 79 ++++++++++++++++++++++ net-dns/dnssec-root/dnssec-root-20181220.ebuild | 79 ---------------------- 2 files changed, 79 insertions(+), 79 deletions(-) create mode 100644 net-dns/dnssec-root/dnssec-root-20181220-r1.ebuild delete mode 100644 net-dns/dnssec-root/dnssec-root-20181220.ebuild (limited to 'net-dns/dnssec-root') diff --git a/net-dns/dnssec-root/dnssec-root-20181220-r1.ebuild b/net-dns/dnssec-root/dnssec-root-20181220-r1.ebuild new file mode 100644 index 000000000000..8af38f03fa85 --- /dev/null +++ b/net-dns/dnssec-root/dnssec-root-20181220-r1.ebuild @@ -0,0 +1,79 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +DESCRIPTION="The DNSSEC root key(s)" +HOMEPAGE="https://www.iana.org/dnssec/" +SRC_URI="https://data.iana.org/root-anchors/root-anchors.xml -> root-anchors-${PV}.xml + https://data.iana.org/root-anchors/root-anchors.p7s -> root-anchors-${PV}.p7s + https://data.iana.org/root-anchors/icannbundle.pem -> icannbundle-${PV}.pem" + +LICENSE="public-domain" +SLOT="0" +KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x64-macos" +IUSE="" + +RDEPEND=">=dev-perl/XML-XPath-1.420.0" +DEPEND="" + +src_unpack() { + mkdir "${S}" || die + + cp -t "${S}" "${DISTDIR}"/root-anchors-${PV}.{p7s,xml} "${DISTDIR}"/icannbundle-${PV}.pem || die +} + +src_prepare() { + mv root-anchors-${PV}.xml root-anchors.xml || die + mv root-anchors-${PV}.p7s root-anchors.p7s || die + mv icannbundle-${PV}.pem icannbundle.pem || die + + if has_version "dev-libs/openssl" ; then + # Signature validating is optional: + # - We are already downloading SRC, signature file & CA from same URI + # - We store checksums for distfiles + einfo "dev-libs/openssl is available, will validate signature of root-anchors.xml" + openssl smime -verify \ + -content root-anchors.xml \ + -in root-anchors.p7s -inform der \ + -CAfile icannbundle.pem || die "OpenSSL S/Mime verify failed" + else + einfo "dev-libs/openssl is not available, skipping optional validation root-anchors.xml" + fi + + default +} + +src_compile() { + local KEYTAGS="" ALGORITHMS="" DIGESTTYPES="" DIGESTS="" i=1 + + KEYTAGS=$(xpath -q -e '/TrustAnchor/KeyDigest/KeyTag/node()' root-anchors.xml) + ALGORITHMS=$(xpath -q -e '/TrustAnchor/KeyDigest/Algorithm/node()' root-anchors.xml) + DIGESTTYPES=$(xpath -q -e '/TrustAnchor/KeyDigest/DigestType/node()' root-anchors.xml) + DIGESTS=$(xpath -q -e '/TrustAnchor/KeyDigest/Digest/node()' root-anchors.xml) + while [ 1 ] ; do + KEYTAG=$(echo ${KEYTAGS} | cut -d" " -f$i) + [[ "${KEYTAG}" != "" ]] || break + + ALGORITHM=$(echo ${ALGORITHMS} | cut -d" " -f$i) + [[ "${ALGORITHM}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing algorithm" + + DIGESTTYPE=$(echo ${DIGESTTYPES} | cut -d" " -f$i) + [[ "${DIGESTTYPE}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing digest type" + + DIGEST=$(echo ${DIGESTS} | cut -d" " -f$i) + [[ "${DIGEST}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing digest" + + echo ". IN DS $KEYTAG $ALGORITHM $DIGESTTYPE $DIGEST" >> root-anchors.txt + i=`expr $i + 1` + done + + if [[ ! -s "root-anchors.txt" ]] ; then + die "Sanity check failed: root-anchors.txt is empty or does not exist!" + fi +} + +src_install() { + insinto /etc/dnssec + doins root-anchors.{p7s,txt,xml} icannbundle.pem +} diff --git a/net-dns/dnssec-root/dnssec-root-20181220.ebuild b/net-dns/dnssec-root/dnssec-root-20181220.ebuild deleted file mode 100644 index 3c8605cef524..000000000000 --- a/net-dns/dnssec-root/dnssec-root-20181220.ebuild +++ /dev/null @@ -1,79 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -DESCRIPTION="The DNSSEC root key(s)" -HOMEPAGE="https://www.iana.org/dnssec/" -SRC_URI="https://data.iana.org/root-anchors/root-anchors.xml -> root-anchors-${PV}.xml - https://data.iana.org/root-anchors/root-anchors.p7s -> root-anchors-${PV}.p7s - https://data.iana.org/root-anchors/icannbundle.pem -> icannbundle-${PV}.pem" - -LICENSE="public-domain" -SLOT="0" -KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x64-macos" -IUSE="" - -RDEPEND="" -DEPEND=">=dev-perl/XML-XPath-1.420.0" - -src_unpack() { - mkdir "${S}" || die - - cp -t "${S}" "${DISTDIR}"/root-anchors-${PV}.{p7s,xml} "${DISTDIR}"/icannbundle-${PV}.pem || die -} - -src_prepare() { - mv root-anchors-${PV}.xml root-anchors.xml || die - mv root-anchors-${PV}.p7s root-anchors.p7s || die - mv icannbundle-${PV}.pem icannbundle.pem || die - - if has_version "dev-libs/openssl" ; then - # Signature validating is optional: - # - We are already downloading SRC, signature file & CA from same URI - # - We store checksums for distfiles - einfo "dev-libs/openssl is available, will validate signature of root-anchors.xml" - openssl smime -verify \ - -content root-anchors.xml \ - -in root-anchors.p7s -inform der \ - -CAfile icannbundle.pem || die "OpenSSL S/Mime verify failed" - else - einfo "dev-libs/openssl is not available, skipping optional validation root-anchors.xml" - fi - - default -} - -src_compile() { - local KEYTAGS="" ALGORITHMS="" DIGESTTYPES="" DIGESTS="" i=1 - - KEYTAGS=$(xpath -q -e '/TrustAnchor/KeyDigest/KeyTag/node()' root-anchors.xml) - ALGORITHMS=$(xpath -q -e '/TrustAnchor/KeyDigest/Algorithm/node()' root-anchors.xml) - DIGESTTYPES=$(xpath -q -e '/TrustAnchor/KeyDigest/DigestType/node()' root-anchors.xml) - DIGESTS=$(xpath -q -e '/TrustAnchor/KeyDigest/Digest/node()' root-anchors.xml) - while [ 1 ] ; do - KEYTAG=$(echo ${KEYTAGS} | cut -d" " -f$i) - [[ "${KEYTAG}" != "" ]] || break - - ALGORITHM=$(echo ${ALGORITHMS} | cut -d" " -f$i) - [[ "${ALGORITHM}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing algorithm" - - DIGESTTYPE=$(echo ${DIGESTTYPES} | cut -d" " -f$i) - [[ "${DIGESTTYPE}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing digest type" - - DIGEST=$(echo ${DIGESTS} | cut -d" " -f$i) - [[ "${DIGEST}" == "" ]] && die "root-anchors.xml contains invalid key: ${KEYTAG} is missing digest" - - echo ". IN DS $KEYTAG $ALGORITHM $DIGESTTYPE $DIGEST" >> root-anchors.txt - i=`expr $i + 1` - done - - if [[ ! -s "root-anchors.txt" ]] ; then - die "Sanity check failed: root-anchors.txt is empty or does not exist!" - fi -} - -src_install() { - insinto /etc/dnssec - doins root-anchors.{p7s,txt,xml} icannbundle.pem -} -- cgit v1.2.3-65-gdbad